Rule Generation Based on Modified Cuttlefish Algorithm for Intrusion Detection System

Nowadays, with the rapid spread of networked machines and Internet technologies, intrusion detection systems are increasingly in demand. Accordingly, a large number of illegal activities by external and internal attackers need to be detected. Early detection of such illegal activities is therefore necessary and important for protecting data and information. In this paper, the use of the Cuttlefish Optimization Algorithm as a new rule generation method is investigated in order to deal with the intrusion detection problem in data mining. The effectiveness of the proposed method was tested using the KDD Cup 99 dataset based on different evaluation methods. In addition, the obtained results were compared with the results obtained by some classical well-known algorithms such as Decision Tree, Naïve Bayes, Support Vector Machine, and K-Nearest Neighbor. Our experimental results show that the proposed method exhibits good classification performance and gives significantly preferable results when compared with the performance of other traditional algorithms. The proposed method achieved 93.9%, 92.2%, and 94.7% in terms of precision, recall, and area under the curve, respectively.

RULE GENERATION BASED ON MODIFIED CUTTLEFISH ALGORITHM FOR INTRUSION DETECTION SYSTEM

Nowadays, with the rapid spread of networked machines and Internet technologies, intrusion detection systems are increasingly in demand. Consequently, numerous illicit activities by external and internal attackers need to be detected. Thus, early detection of such activities is necessary for protecting data and information. In this paper, we investigated the use of the Cuttlefish optimization algorithm as a new rule generation method for the classification task to deal with the intrusion detection problem. The effectiveness of the proposed method was tested using the KDD Cup 99 dataset based on different evaluation methods. The obtained results were also compared with the results obtained by some classical well-known algorithms, namely Decision Tree (DT), Naïve Bayes (NB), Support Vector Machine (SVM), and K-Nearest Neighborhood (K-NN). Our experimental results showed that the proposed method demonstrates good classification performance and provides significantly preferable results when compared with the performance of other traditional algorithms. The proposed method produced 93.9%, 92.2%, and 94.7% in terms of precision, recall, and area under curve, respectively.

___

Uludağ Üniversitesi Mühendislik Fakültesi Dergisi
  • ISSN: 2148-4147
  • Publication frequency: 3 issues per year
  • Started: 2002
  • Publisher: BURSA ULUDAĞ ÜNİVERSİTESİ > MÜHENDİSLİK FAKÜLTESİ

Rule Generation Based on Modified Cuttlefish Algorithm for Intrusion Detection System

Adel Sabry EESA, Sheren SADIQ, Masoud HASSAN, Zeynep ORMAN
